In the Linux kernel, the following vulnerability has been resolved: soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled Mitigate e.g. the following: # echo 1e789080.lpc-snoop > /sys/bus/platform/drivers/aspeed-lpc-snoop/unbind ... [ 120.363594] Unable to handle kernel NULL pointer dereference at virtual address 00000004 when write [ 120.373866] [00000004] *pgd=00000000 [ 120.377910] Internal error: Oops: 805 [#1] SMP ARM [ 120.383306] CPU: 1 UID: 0 PID: 315 Comm: sh Not tainted 6.15.0-rc1-00009-g926217bc7d7d-dirty #20 NONE ... [ 120.679543] Call trace: [ 120.679559] misc_deregister from aspeed_lpc_snoop_remove+0x84/0xac [ 120.692462] aspeed_lpc_snoop_remove from platform_remove+0x28/0x38 [ 120.700996] platform_remove from device_release_driver_internal+0x188/0x200 ...

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Linux
  • Linux Kernel

No data.

No data.

References
Link Providers
https://git.kernel.org/stable/c/329a80adc0e5f815d0514a6d403aaaf0995cd9be cve-icon cve-icon
https://git.kernel.org/stable/c/56448e78a6bb4e1a8528a0e2efe94eff0400c247 cve-icon cve-icon
https://git.kernel.org/stable/c/ac10ed9862104936a412f8b475c869e99f048448 cve-icon cve-icon
https://git.kernel.org/stable/c/b361598b7352f02456619a6105c7da952ef69f8f cve-icon cve-icon
https://git.kernel.org/stable/c/dc5598482e2d3b234f6d72d6f5568e24f603e51a cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025072816-CVE-2025-38487-1ffa@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-38487 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-38487 cve-icon
History

Tue, 29 Jul 2025 12:30:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

Tue, 29 Jul 2025 08:00:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux linux Kernel
Vendors & Products Linux
Linux linux Kernel

Mon, 28 Jul 2025 11:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled Mitigate e.g. the following: # echo 1e789080.lpc-snoop > /sys/bus/platform/drivers/aspeed-lpc-snoop/unbind ... [ 120.363594] Unable to handle kernel NULL pointer dereference at virtual address 00000004 when write [ 120.373866] [00000004] *pgd=00000000 [ 120.377910] Internal error: Oops: 805 [#1] SMP ARM [ 120.383306] CPU: 1 UID: 0 PID: 315 Comm: sh Not tainted 6.15.0-rc1-00009-g926217bc7d7d-dirty #20 NONE ... [ 120.679543] Call trace: [ 120.679559] misc_deregister from aspeed_lpc_snoop_remove+0x84/0xac [ 120.692462] aspeed_lpc_snoop_remove from platform_remove+0x28/0x38 [ 120.700996] platform_remove from device_release_driver_internal+0x188/0x200 ...
Title soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled
References
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-07-28T11:21:51.249Z

Updated: 2025-07-28T11:21:51.249Z

Reserved: 2025-04-16T04:51:24.021Z

Link: CVE-2025-38487

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-07-28T12:15:30.720

Modified: 2025-07-29T14:14:29.590

Link: CVE-2025-38487

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-07-28T00:00:00Z

Links: CVE-2025-38487 - Bugzilla